| Category | Started On | Completed On | Duration | Cuckoo Version |
|---|---|---|---|---|
| FILE | 2016-11-06 21:46:55.282397 | 2016-11-06 21:52:47.747142 | 352 seconds | 2.0-dev |

| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| windowsxp1 | windowsxp1 | VirtualBox | 2016-11-06 21:49:54 | 2016-11-06 21:52:47 |

| File name | invoice_J-19161427.doc |
|---|---|
| File size | 43008 bytes |
| File type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 1251, Author: Administrator, Template: Normal.dot, Last Saved By: User, Revision Number: 8, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Create Time/Date: Tue Feb 16 11:50:00 2016, Last Saved Time/Date: Tue Feb 16 11:52:00 2016, Number of Pages: 1, Number of Words: 87, Number of Characters: 499, Security: 0 |
| CRC32 | 42245577 |
| MD5 | d2e4984e6ee44a756abfa59f775cc12a |
| SHA1 | 674d9b8dc93e0e75ac4561df6ee388c65e2c56e7 |
| SHA256 | 5ad06eda999a9f2f28c2057ba40bd2f7b6a7cb2e1915104b2724753649e97de5 |
| SHA512 | f8755cc94edba4f280e57e2cfdad41baaaa0831e20828afb153e7829d1667e420f2f2588584a302309d18139d4d2093233d16bbf1e7bb858d3ebf8adad461279 |
| Ssdeep | 384:nFZQZtDGGkLmTUrioRPATRn633Dmej0SnJzbmiVywP0jKk:nSoqwT2J633DVgiVy25 |
| PEiD | None matched |
| Yara | None matched |
| VirusTotal | Scan Date: 2016-11-04 14:52:10, Detection Rate: 44/55 |

| File name | 4826c0d860af884d_~wrs{fa63aed5-59f6-4892-86ed-1cb056a2f756}.tmp |
|---|---|
| File size | 1024 bytes |
| File type | data |
| MD5 | 5d4d94ee7e06bbb0af9584119797b23a |
| SHA1 | dbb111419c704f116efa8e72471dd83e86e49677 |
| SHA256 | 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1 |
| SHA512 | 95f83ae84cafcced5eaf504546725c34d5f9710e5ca2d11761486970f2fbeccb25f9cf50bbfc272bd75e1a66a18b7783f09e1c1454afda519624bc2bb2f28ba4 |
| Ssdeep | 3:ol3lYdn:4Wn |
| Yara | None matched |

| File name | b27b98df298e685e_~$normal.dotm |
|---|---|
| File size | 162 bytes |
| File type | data |
| MD5 | f7ae9c8c54bcb2cb8c1e3ba49eeb2b05 |
| SHA1 | bc2a4f523359d033d228e6832314973ba80cc83f |
| SHA256 | b27b98df298e685e1215345691123b3b5d81be0b55ca5c8840070ab0d42246f8 |
| SHA512 | 1e1a6fddfa3bf46ad45d64e43c6d2515e87faf4cac7fd51daa66fb2dc50ce7853b918f34b09ce108958ddd4f8e01cdbbed488d7f70ee4dfe21c977857772e5d5 |
| Ssdeep | 3:PtTtqlll/3l/1HXMDd1l//lCllflzNV:PtstK+7j |
| Yara | None matched |

| Timestamp | Thread | Function | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|---|
| 2016-11-06 21:47:19.548089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Microsoft Office\Office12\wwlib.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\wwlib.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:19.568089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Microsoft Office\Office12\wwlib.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\wwlib.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:19.638089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Microsoft Office\Office12\oart.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\oart.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:19.648089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Microsoft Office\Office12\oart.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\oart.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:19.688089 | NtOpenFile |
file_handle => 0x00000038 filepath => C:\WINDOWS\system32\imm32.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\IMM32.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:19.708089 | LdrLoadDll |
basename => IMM32 module_address => 0x76390000 flags => 0 module_name => C:\WINDOWS\system32\IMM32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:19.718089 | LdrLoadDll |
basename => LPK module_address => 0x629c0000 flags => 0 module_name => LPK.DLL |
SUCCESS | |||
| 2016-11-06 21:47:19.748089 | NtOpenFile |
file_handle => 0x00000048 filepath => \Device\KsecDD desired_access => 0x00100001 filepath_r => \Device\KsecDD open_options => 16 status_info => 0 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:19.768089 | LdrLoadDll |
basename => wwlib module_address => 0x31240000 flags => 0 module_name => wwlib.dll |
SUCCESS | |||
| 2016-11-06 21:47:19.788089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\mso.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:19.798089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\mso.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:19.848089 | NtOpenFile |
file_handle => 0x00000064 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:19.868089 | NtOpenFile |
file_handle => 0x00000064 filepath => C:\Program Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:19.868089 | LdrLoadDll |
basename => mso module_address => 0x32600000 flags => 0 module_name => C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll |
SUCCESS | |||
| 2016-11-06 21:47:19.879089 | LdrLoadDll |
basename => MSO module_address => 0x32600000 flags => 0 module_name => MSO.dll |
SUCCESS | |||
| 2016-11-06 21:47:19.879089 | LdrLoadDll |
basename => mso module_address => 0x32600000 flags => 0 module_name => mso.dll |
SUCCESS | |||
| 2016-11-06 21:47:19.929089 | NtOpenFile |
file_handle => 0x00000078 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Cultures\OFFICE.ODF desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\Cultures\office.odf open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:19.959089 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Cultures\OFFICE.ODF desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\Cultures\office.odf create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:19.989089 | LdrLoadDll |
basename => Kernel32 module_address => 0x7c800000 flags => 0 module_name => Kernel32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:19.999089 | LdrLoadDll |
basename => wwintl module_address => 0x33d00000 flags => 2 module_name => C:\Program Files\Microsoft Office\Office12\1033\wwintl.dll |
SUCCESS | |||
| 2016-11-06 21:47:20.009089 | LdrLoadDll |
basename => ADVAPI32 module_address => 0x77dd0000 flags => 0 module_name => C:\WINDOWS\system32\ADVAPI32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:20.149089 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-06 21:47:20.189089 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => uxtheme.dll |
SUCCESS | |||
| 2016-11-06 21:47:20.269089 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-06 21:47:20.329089 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-06 21:47:20.329089 | LdrLoadDll |
basename => uxtheme module_address => 0x5ad70000 flags => 0 module_name => C:\WINDOWS\system32\uxtheme.dll |
SUCCESS | |||
| 2016-11-06 21:47:20.379089 | LdrLoadDll |
basename => KERNEL32 module_address => 0x7c800000 flags => 0 module_name => C:\WINDOWS\system32\KERNEL32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:20.670089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:20.680089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:20.730089 | LdrLoadDll |
basename => MSPTLS module_address => 0x6bdc0000 flags => 0 module_name => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL |
SUCCESS | |||
| 2016-11-06 21:47:20.800089 | NtOpenFile |
file_handle => 0x000000c0 filepath => C:\WINDOWS\system32\shell32.dll desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\SHELL32.DLL open_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:20.810089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\SHELL32.DLL.124.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\SHELL32.DLL.124.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:20.830089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\SHELL32.DLL.124.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\SHELL32.DLL.124.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:20.910089 | LdrLoadDll |
basename => comctl32 module_address => 0x773d0000 flags => 0 module_name => comctl32.dll |
SUCCESS | |||
| 2016-11-06 21:47:20.930089 | LdrLoadDll |
basename => comctl32 module_address => 0x5d090000 flags => 0 module_name => comctl32.dll |
SUCCESS | |||
| 2016-11-06 21:47:20.940089 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:20.970089 | LdrLoadDll |
basename => Comctl32 module_address => 0x773d0000 flags => 0 module_name => Comctl32.dll |
SUCCESS | |||
| 2016-11-06 21:47:20.990089 | LdrLoadDll |
basename => rpcrt4 module_address => 0x77e70000 flags => 0 module_name => rpcrt4.dll |
SUCCESS | |||
| 2016-11-06 21:47:21.000089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000114 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:21.010089 | NtWriteFile |
buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x00000114 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:21.050089 | LdrLoadDll |
basename => MSCTF module_address => 0x74720000 flags => 0 module_name => C:\WINDOWS\system32\MSCTF.dll |
SUCCESS | |||
| 2016-11-06 21:47:21.050089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000118 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:21.050089 | NtWriteFile |
buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x00000118 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:21.080089 | LdrLoadDll |
basename => version module_address => 0x77c00000 flags => 0 module_name => version.dll |
SUCCESS | |||
| 2016-11-06 21:47:21.090089 | NtOpenFile |
file_handle => 0x00000110 filepath => C:\WINDOWS\system32\MSCTFIME.IME desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\msctfime.ime open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:21.110089 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000011c filepath => C:\WINDOWS\system32\MSCTFIME.IME desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\msctfime.ime create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:21.120089 | NtOpenFile |
file_handle => 0x00000110 filepath => C:\WINDOWS\system32\MSCTFIME.IME desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\msctfime.ime open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:21.130089 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000011c filepath => C:\WINDOWS\system32\MSCTFIME.IME desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\msctfime.ime create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:21.150089 | LdrLoadDll |
basename => ole32 module_address => 0x774e0000 flags => 0 module_name => C:\WINDOWS\system32\ole32.dll |
SUCCESS | |||
| 2016-11-06 21:47:21.170089 | LdrLoadDll |
basename => msctfime.ime module_address => 0x755c0000 flags => 0 module_name => C:\WINDOWS\system32\msctfime.ime |
SUCCESS | |||
| 2016-11-06 21:47:21.170089 | LdrLoadDll |
basename => msctfime.ime module_address => 0x755c0000 flags => 0 module_name => C:\WINDOWS\system32\msctfime.ime |
SUCCESS | |||
| 2016-11-06 21:47:21.200089 | LdrLoadDll |
basename => MSORES module_address => 0x00fe0000 flags => 2 module_name => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSORES.DLL |
SUCCESS | |||
| 2016-11-06 21:47:21.210089 | LdrLoadDll |
basename => MSOINTL module_address => 0x01740000 flags => 2 module_name => C:\Program Files\Common Files\Microsoft Shared\office12\1033\MSOINTL.DLL |
SUCCESS | |||
| 2016-11-06 21:47:21.210089 | LdrLoadDll |
basename => Comctl32 module_address => 0x773d0000 flags => 0 module_name => Comctl32.dll |
SUCCESS | |||
| 2016-11-06 21:47:21.220089 | LdrLoadDll |
basename => mscoree module_address => 0x00000000 flags => 0 module_name => C:\WINDOWS\system32\mscoree.dll |
FAILURE | |||
| 2016-11-06 21:47:21.230089 | LdrLoadDll |
basename => VERSION module_address => 0x77c00000 flags => 0 module_name => VERSION.DLL |
SUCCESS | |||
| 2016-11-06 21:47:21.240089 | NtOpenFile |
file_handle => 0x00000130 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:21.250089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000134 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:21.260089 | NtOpenFile |
file_handle => 0x00000130 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:21.271089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000134 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:21.281089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000130 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Word12.pip desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Word12.pip create_options => 4194404 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:21.301089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000134 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\OPA12.BAK desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\OPA12.BAK create_options => 2097252 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:21.311089 | NtCreateFile |
create_disposition => 2 file_handle => 0x00000000 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat desired_access => 0x40110080 file_attributes => 32 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\opa12.dat create_options => 100 status_info => 4294967295 share_access => 0 |
FAILURE | |||
| 2016-11-06 21:47:21.321089 | NtOpenFile |
file_handle => 0x00000134 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat desired_access => 0x00100100 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\opa12.dat open_options => 2113568 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:21.341089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000134 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\opa12.dat create_options => 4196448 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:21.351089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000134 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\DATA\opa12.dat create_options => 4196448 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:23.023089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000134 filepath => C:\Program Files\Microsoft Office\Office12\ID_00030.DPC desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\ID_00030.DPC create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:23.233089 | OleInitialize | SUCCESS | ||||
| 2016-11-06 21:47:23.243089 | LdrLoadDll |
basename => MSO module_address => 0x32600000 flags => 0 module_name => MSO.dll |
SUCCESS | |||
| 2016-11-06 21:47:23.323089 | LdrLoadDll |
basename => Winspool.DRV module_address => 0x73000000 flags => 0 module_name => Winspool.DRV |
SUCCESS | |||
| 2016-11-06 21:47:23.404089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\spool\drivers\w32x86\3\msonpui.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\msonpui.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:23.434089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\spool\drivers\w32x86\3\msonpui.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\msonpui.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:23.454089 | LdrLoadDll |
basename => msonpui module_address => 0x01640000 flags => 0 module_name => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\msonpui.dll |
SUCCESS | |||
| 2016-11-06 21:47:23.624089 | CoInitializeEx |
options => 2 |
FAILURE | |||
| 2016-11-06 21:47:23.624089 | NtOpenFile |
file_handle => 0x0000015c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.654089 | NtOpenFile |
file_handle => 0x0000015c filepath => C:\Program Files\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.664089 | NtOpenFile |
file_handle => 0x00000160 filepath => C:\Program Files\Microsoft Office\Office12\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.704089 | NtOpenFile |
file_handle => 0x00000160 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.804089 | LdrLoadDll |
basename => UxTheme module_address => 0x5ad70000 flags => 0 module_name => UxTheme.DLL |
SUCCESS | |||
| 2016-11-06 21:47:23.954089 | NtOpenFile |
file_handle => 0x00000168 filepath => C:\Program Files\Microsoft Office\Office12\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.964089 | NtOpenFile |
file_handle => 0x00000168 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.974089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000168 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:23.994089 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000016c filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:24.004089 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000016c filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:24.024089 | NtCreateFile |
create_disposition => 5 file_handle => 0x00000170 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm desired_access => 0x40100080 file_attributes => 2 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\~$Normal.dotm create_options => 4194400 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-06 21:47:24.024089 | NtWriteFile |
buffer => PKSJ file_handle => 0x00000170 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:24.055089 | NtWriteFile |
buffer => P K S J I T S ,¬b2 ¬b2å¸2 Èå¸2 xæ¸2 0ç¸2 ðç¸2 °è¸2 file_handle => 0x00000170 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:24.065089 | LdrLoadDll |
basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll |
SUCCESS | |||
| 2016-11-06 21:47:24.075089 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-06 21:47:24.075089 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | |||
| 2016-11-06 21:47:24.095089 | LdrLoadDll |
basename => SETUPAPI module_address => 0x77920000 flags => 0 module_name => SETUPAPI.dll |
SUCCESS | |||
| 2016-11-06 21:47:24.095089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000190 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.105089 | NtWriteFile |
buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x00000190 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:24.125089 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000018c filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.125089 | NtWriteFile |
buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x0000018c offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:24.155089 | NtOpenFile |
file_handle => 0x00000194 filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.165089 | NtOpenFile |
file_handle => 0x00000194 filepath => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3131303066333036662020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.175089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.185089 | NtOpenFile |
file_handle => 0x00000194 filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureC725C725Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureC725C725Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.185089 | NtOpenFile |
file_handle => 0x00000194 filepath => \??\STORAGE#Volume#1&30a96598&0&SignatureC725C725Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} desired_access => 0x00100080 filepath_r => \??\STORAGE#Volume#1&30a96598&0&SignatureC725C725Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} open_options => 16 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.195089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.205089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.215089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.225089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.235089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000194 filepath => \??\MountPointManager desired_access => 0x00100080 file_attributes => 128 filepath_r => \??\MountPointManager create_options => 96 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.245089 | NtOpenFile |
file_handle => 0x00000198 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.255089 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.dll |
SUCCESS | |||
| 2016-11-06 21:47:24.255089 | LdrLoadDll |
basename => ole32 module_address => 0x774e0000 flags => 0 module_name => ole32.dll |
SUCCESS | |||
| 2016-11-06 21:47:24.275089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.285089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.295089 | CoUninitialize | SUCCESS | ||||
| 2016-11-06 21:47:24.305089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.315089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.325089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.335089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:24.345089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:24.355089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:24.365089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.375089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.385089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.395089 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-06 21:47:24.405089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.415089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.415089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.425089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:24.445089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:24.465089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:24.475089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:24.485089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:24.495089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\My Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\My Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:24.505089 | CoUninitialize | SUCCESS | ||||
| 2016-11-06 21:47:24.515089 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-06 21:47:24.515089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.525089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.535089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\All Users\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\All Users\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.545089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\All Users\Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\All Users\Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:24.555089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\All Users\Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\All Users\Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:24.565089 | NtOpenFile |
file_handle => 0x00000194 filepath => C:\Documents and Settings\All Users\Documents\desktop.ini desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\All Users\Documents\desktop.ini open_options => 96 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:24.575089 | CoUninitialize | SUCCESS | ||||
| 2016-11-06 21:47:24.575089 | CoInitializeEx |
options => 6 |
FAILURE | |||
| 2016-11-06 21:47:24.585089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.595089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.595089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\All Users\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\All Users\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.605089 | CoUninitialize | SUCCESS | ||||
| 2016-11-06 21:47:24.615089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.625089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 4294967295 share_access => 0 |
FAILURE | |||
| 2016-11-06 21:47:24.635089 | NtCreateFile |
create_disposition => 1 file_handle => 0x000001a4 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.645089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 96 status_info => 4294967295 share_access => 0 |
FAILURE | |||
| 2016-11-06 21:47:24.655089 | NtCreateFile |
create_disposition => 1 file_handle => 0x000001a4 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 4194400 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.665089 | NtCreateFile |
create_disposition => 1 file_handle => 0x000001a4 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dotm create_options => 96 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:24.675089 | LdrLoadDll |
basename => OLEAUT32 module_address => 0x77120000 flags => 0 module_name => OLEAUT32.dll |
SUCCESS | |||
| 2016-11-06 21:47:24.725089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.735089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.746089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\riched20.dll.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\riched20.dll.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:24.756089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\riched20.dll.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\office12\riched20.dll.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:24.776089 | LdrLoadDll |
basename => riched20 module_address => 0x3a780000 flags => 0 module_name => C:\Program Files\Common Files\Microsoft Shared\office12\riched20.dll |
SUCCESS | |||
| 2016-11-06 21:47:24.786089 | LdrLoadDll |
basename => OLEAUT32 module_address => 0x77120000 flags => 0 module_name => OLEAUT32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:24.806089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.816089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.826089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.826089 | CoCreateInstanceEx |
class_context => 0 clsid => {00000000-0000-0000-0000-000000000000} iid => [] |
FAILURE | |||
| 2016-11-06 21:47:24.826089 | LdrLoadDll |
basename => oleaut32 module_address => 0x77120000 flags => 0 module_name => oleaut32.dll |
SUCCESS | |||
| 2016-11-06 21:47:24.846089 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => C:\WINDOWS\system32\kernel32.dll |
SUCCESS | |||
| 2016-11-06 21:47:24.856089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.876089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.876089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.886089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.906089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.916089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.926089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.946089 | CoInitializeSecurity | SUCCESS | ||||
| 2016-11-06 21:47:24.946089 | LdrLoadDll |
basename => OLE32 module_address => 0x774e0000 flags => 0 module_name => OLE32 |
SUCCESS | |||
| 2016-11-06 21:47:24.966089 | LdrLoadDll |
basename => OLE32 module_address => 0x774e0000 flags => 0 module_name => OLE32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:24.966089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.976089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:24.976089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:25.016089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:25.016089 | CoCreateInstance |
class_context => 23 clsid => {88d969ec-8b8b-4c3d-859e-af6cd158be0f} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:25.056089 | NtCreateFile |
create_disposition => 5 file_handle => 0x00000194 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{FA63AED5-59F6-4892-86ED-1CB056A2F756}.tmp desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{FA63AED5-59F6-4892-86ED-1CB056A2F756}.tmp create_options => 4194400 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-06 21:47:25.056089 | NtWriteFile |
buffer =>
ý file_handle => 0x00000194 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:25.126089 | CoCreateInstance |
class_context => 23 clsid => {88d969ef-f192-11d4-a65f-0040963251e5} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:25.316089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Office\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Office\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.617089 | LdrLoadDll |
basename => gdi32 module_address => 0x77f10000 flags => 0 module_name => gdi32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:25.637089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.657089 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.667089 | NtOpenFile |
file_handle => 0x000001a0 filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.677089 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:25.847089 | NtOpenFile |
file_handle => 0x00000074 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.867089 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.877089 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.887089 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.897089 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.927089 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.937089 | NtOpenFile |
file_handle => 0x0000024c filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.957089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000074 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\invoice_J-19161427.doc desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\invoice_J-19161427.doc create_options => 4194400 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:25.967089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000074 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\invoice_J-19161427.doc desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\invoice_J-19161427.doc create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:25.977089 | NtCreateFile |
create_disposition => 2 file_handle => 0x00000284 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\~DFBE60.tmp desired_access => 0xc0110080 file_attributes => 256 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFBE60.tmp create_options => 4192 status_info => 2 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:25.997089 | NtOpenFile |
file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x00100020 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:26.057089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000290 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:26.097089 | NtOpenFile |
file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x00100020 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:26.107089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000290 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:26.117089 | NtOpenFile |
file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:26.127089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000290 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:26.138089 | NtOpenFile |
file_handle => 0x0000007c filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x00100020 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:26.148089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000290 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:26.158089 | NtCreateFile |
create_disposition => 5 file_handle => 0x0000007c filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\~$voice_J-19161427.doc desired_access => 0x40100080 file_attributes => 2 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~$voice_J-19161427.doc create_options => 4194400 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-06 21:47:26.168089 | NtWriteFile |
buffer => PKSJ file_handle => 0x0000007c offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:26.188089 | NtWriteFile |
buffer => P K S J I T S ,¬b2 ¬b2å¸2 Èå¸2 xæ¸2 0ç¸2 ðç¸2 °è¸2 file_handle => 0x0000007c offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:26.278089 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.288089 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.298089 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.298089 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.308089 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.318089 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.318089 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.328089 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.328089 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.338089 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.348089 | NtOpenFile |
file_handle => 0x00000290 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.408089 | NtOpenFile |
file_handle => 0x000000e0 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.418089 | NtOpenFile |
file_handle => 0x000000e0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.428089 | NtOpenFile |
file_handle => 0x000000e0 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.428089 | NtOpenFile |
file_handle => 0x000000e0 filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:26.818089 | NtCreateFile |
create_disposition => 5 file_handle => 0x00000298 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{1D3F12AD-9B54-4D6C-B7C4-E5C01F41A4F3}.tmp desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS{1D3F12AD-9B54-4D6C-B7C4-E5C01F41A4F3}.tmp create_options => 4194400 status_info => 2 share_access => 0 |
SUCCESS | |||
| 2016-11-06 21:47:26.829089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\review.rcd desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\review.rcd open_options => 96 status_info => 4294967295 share_access => 7 |
FAILURE | |||
| 2016-11-06 21:47:26.839089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\review.rcd desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\review.rcd create_options => 4194404 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:26.909089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\adhoc.rcd desired_access => 0x80100000 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\adhoc.rcd open_options => 96 status_info => 4294967295 share_access => 7 |
FAILURE | |||
| 2016-11-06 21:47:26.909089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\adhoc.rcd desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\adhoc.rcd create_options => 4194404 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:27.449089 | NtOpenFile |
file_handle => 0x000002a8 filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:27.540089 | LdrLoadDll |
basename => Shlwapi module_address => 0x77f60000 flags => 0 module_name => Shlwapi.dll |
SUCCESS | |||
| 2016-11-06 21:47:27.540089 | LdrLoadDll |
basename => Shlwapi module_address => 0x77f60000 flags => 0 module_name => Shlwapi.DLL |
SUCCESS | |||
| 2016-11-06 21:47:27.570089 | CoInitializeEx |
options => 2 |
SUCCESS | |||
| 2016-11-06 21:47:27.580089 | NtOpenFile |
file_handle => 0x000002d4 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.590089 | NtOpenFile |
file_handle => 0x000002d4 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.600089 | NtOpenFile |
file_handle => 0x000002d4 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.610089 | NtOpenFile |
file_handle => 0x000002d4 filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.620089 | NtOpenFile |
file_handle => 0x000002d4 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.660089 | NtOpenFile |
file_handle => 0x000002b4 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.670089 | NtOpenFile |
file_handle => 0x000002b4 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.680089 | NtOpenFile |
file_handle => 0x000002b4 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.690089 | NtOpenFile |
file_handle => 0x000002b4 filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.700089 | NtOpenFile |
file_handle => 0x000002dc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.710089 | NtOpenFile |
file_handle => 0x000002dc filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.710089 | NtOpenFile |
file_handle => 0x000002dc filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.720089 | NtOpenFile |
file_handle => 0x000002dc filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.730089 | NtOpenFile |
file_handle => 0x000002dc filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.750089 | NtOpenFile |
file_handle => 0x000002dc filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.750089 | NtOpenFile |
file_handle => 0x000002dc filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.760089 | NtOpenFile |
file_handle => 0x000002dc filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:27.800089 | OleInitialize | FAILURE | ||||
| 2016-11-06 21:47:27.810089 | LdrLoadDll |
basename => msi module_address => 0x3fde0000 flags => 0 module_name => msi.dll |
SUCCESS | |||
| 2016-11-06 21:47:27.810089 | LdrLoadDll |
basename => user32 module_address => 0x7e410000 flags => 0 module_name => user32.dll |
SUCCESS | |||
| 2016-11-06 21:47:29.342089 | LdrLoadDll |
basename => SXS module_address => 0x7e720000 flags => 0 module_name => SXS.DLL |
SUCCESS | |||
| 2016-11-06 21:47:29.382089 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000030c filepath => C:\Program Files\Microsoft Office\Office12\MSWORD.OLB desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\MSWORD.OLB create_options => 2144 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:29.542089 | LdrLoadDll |
basename => VBE6 module_address => 0x65000000 flags => 0 module_name => C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL |
SUCCESS | |||
| 2016-11-06 21:47:29.673089 | LdrLoadDll |
basename => VBE6INTL module_address => 0x65300000 flags => 0 module_name => C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\1033\VBE6INTL.DLL |
SUCCESS | |||
| 2016-11-06 21:47:29.673089 | OleInitialize | FAILURE | ||||
| 2016-11-06 21:47:29.673089 | LdrLoadDll |
basename => OLEAUT32 module_address => 0x77120000 flags => 0 module_name => OLEAUT32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:29.713089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{D811A38D-D1CC-4442-9089-14E359D5B239}.tmp desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{D811A38D-D1CC-4442-9089-14E359D5B239}.tmp create_options => 4194400 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-06 21:47:29.723089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{D811A38D-D1CC-4442-9089-14E359D5B239}.tmp desired_access => 0x00120089 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{D811A38D-D1CC-4442-9089-14E359D5B239}.tmp create_options => 0 status_info => 4294967295 share_access => 7 |
FAILURE | |||
| 2016-11-06 21:47:29.723089 | NtCreateFile |
create_disposition => 2 file_handle => 0x00000300 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{D811A38D-D1CC-4442-9089-14E359D5B239}.tmp desired_access => 0xc0100080 file_attributes => 128 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRF{D811A38D-D1CC-4442-9089-14E359D5B239}.tmp create_options => 96 status_info => 2 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:29.903089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000318 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL create_options => 2144 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:29.953089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000330 filepath => C:\WINDOWS\system32\stdole2.tlb desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\stdole2.tlb create_options => 2144 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:30.113089 | LdrLoadDll |
basename => scp32 module_address => 0x0fef0000 flags => 0 module_name => scp32.dll |
SUCCESS | |||
| 2016-11-06 21:47:30.183089 | NtOpenFile |
file_handle => 0x00000324 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temp\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:30.203089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000324 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL create_options => 2144 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:30.584089 | NtOpenFile |
file_handle => 0x00000328 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:30.584089 | NtOpenFile |
file_handle => 0x00000328 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:30.594089 | NtOpenFile |
file_handle => 0x00000328 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:30.604089 | NtOpenFile |
file_handle => 0x00000328 filepath => C:\Documents and Settings\Administrator\Application Data\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:30.604089 | NtOpenFile |
file_handle => 0x00000328 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:30.614089 | NtOpenFile |
file_handle => 0x00000328 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:30.674089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL\3 desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL\3 create_options => 2144 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:30.684089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000328 filepath => C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL create_options => 2144 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:30.724089 | NtCreateFile |
create_disposition => 2 file_handle => 0x00000338 filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\VBE desired_access => 0x00100001 file_attributes => 128 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VBE create_options => 16417 status_info => 2 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:30.994089 | NtOpenFile |
file_handle => 0x0000033c filepath => C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Office\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Office\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:31.115089 | NtOpenFile |
file_handle => 0x00000348 filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:31.135089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000350 filepath => \\?\PIPE\lsarpc desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\lsarpc create_options => 64 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:31.135089 | NtWriteFile |
buffer => H ¸¸ xW44Í«ï #Eg« ]ëÉè +H` file_handle => 0x00000350 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:31.175089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:31.195089 | LdrLoadDll |
basename => VBE6 module_address => 0x65000000 flags => 0 module_name => VBE6.DLL |
SUCCESS | |||
| 2016-11-06 21:47:31.375089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:31.475089 | LdrLoadDll |
basename => VBE6 module_address => 0x65000000 flags => 0 module_name => VBE6.DLL |
SUCCESS | |||
| 2016-11-06 21:47:31.575089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:31.645089 | LdrLoadDll |
basename => VBE6 module_address => 0x65000000 flags => 0 module_name => VBE6.DLL |
SUCCESS | |||
| 2016-11-06 21:47:31.776089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:31.976089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:32.176089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:32.376089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:32.577089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:32.697089 | LdrLoadDll |
basename => VBE6 module_address => 0x65000000 flags => 0 module_name => VBE6.DLL |
SUCCESS | |||
| 2016-11-06 21:47:32.777089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:32.817089 | LdrLoadDll |
basename => VBE6 module_address => 0x65000000 flags => 0 module_name => VBE6.DLL |
SUCCESS | |||
| 2016-11-06 21:47:32.977089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:33.027089 | LdrLoadDll |
basename => VBE6 module_address => 0x65000000 flags => 0 module_name => VBE6.DLL |
SUCCESS | |||
| 2016-11-06 21:47:33.158089 | LdrLoadDll |
basename => VBE6 module_address => 0x65000000 flags => 0 module_name => VBE6.DLL |
SUCCESS | |||
| 2016-11-06 21:47:33.178089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:33.338089 | LdrLoadDll |
basename => VBE6 module_address => 0x65000000 flags => 0 module_name => VBE6.DLL |
SUCCESS | |||
| 2016-11-06 21:47:33.378089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:33.578089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:33.618089 | CoCreateInstance |
class_context => 5 clsid => {72c24dd5-d70a-438b-8a42-98424b88afb8} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:33.638089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000388 filepath => C:\WINDOWS\system32\wshom.ocx desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\wshom.ocx create_options => 2144 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:33.648089 | LdrLoadDll |
basename => VBE6 module_address => 0x65000000 flags => 0 module_name => VBE6.DLL |
SUCCESS | |||
| 2016-11-06 21:47:33.778089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:33.819089 | CoCreateInstance |
class_context => 5 clsid => {0e59f1d5-1fbe-11d0-8ff2-00a0d10038bc} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:33.819089 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000039c filepath => C:\WINDOWS\system32\msscript.ocx desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\msscript.ocx create_options => 2144 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:33.909089 | CoCreateInstance |
class_context => 21 clsid => {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} iid => {bb1a2ae1-a4f9-11cf-8f20-00805f2cd064} |
SUCCESS | |||
| 2016-11-06 21:47:33.909089 | CoCreateInstance |
class_context => 1 clsid => {0002e005-0000-0000-c000-000000000046} iid => {0002e013-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:33.929089 | CoCreateInstance |
class_context => 1 clsid => {00000323-0000-0000-c000-000000000046} iid => {00000146-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:33.929089 | CoCreateInstance |
class_context => 1 clsid => {6c736db1-bd94-11d0-8a23-00aa00b58e10} iid => {6c736dc1-ab0d-11d0-a2ad-00a0c90f27e8} |
SUCCESS | |||
| 2016-11-06 21:47:33.979089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:33.989089 | CoGetClassObject |
class_context => 21 clsid => {f6d90f16-9c73-11d3-b32e-00c04f990bb4} iid => {00000001-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:33.999089 | CoCreateInstance |
class_context => 1 clsid => {00000323-0000-0000-c000-000000000046} iid => {00000146-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:33.999089 | LdrLoadDll |
basename => OLEAUT32 module_address => 0x77120000 flags => 0 module_name => OLEAUT32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.159089 | CoGetClassObject |
class_context => 21 clsid => {00000566-0000-0010-8000-00aa006d2ea4} iid => {00000001-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:34.169089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000000 filepath => C:\WINDOWS\system32\msxml3.dll\1 desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\msxml3.dll\1 create_options => 2144 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:34.179089 | NtCreateFile |
create_disposition => 1 file_handle => 0x000003ec filepath => C:\WINDOWS\system32\msxml3.dll desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\msxml3.dll create_options => 2144 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:34.189089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:34.269089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\urlmon.dll.123.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\urlmon.dll.123.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:34.279089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\urlmon.dll.123.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\urlmon.dll.123.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:34.339089 | LdrLoadDll |
basename => comctl32 module_address => 0x773d0000 flags => 0 module_name => comctl32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.369089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\WININET.dll.123.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll.123.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:34.369089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\WININET.dll.123.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\WININET.dll.123.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:34.409089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:34.409089 | LdrLoadDll |
basename => comctl32 module_address => 0x773d0000 flags => 0 module_name => comctl32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.409089 | LdrLoadDll |
basename => WININET module_address => 0x3d930000 flags => 0 module_name => WININET.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.419089 | LdrLoadDll |
basename => Secur32 module_address => 0x77fe0000 flags => 0 module_name => Secur32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.449089 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.459089 | NtOpenFile |
file_handle => 0x00000440 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files desired_access => 0x00100100 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files open_options => 2113568 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:34.469089 | NtOpenFile |
file_handle => 0x00000440 filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 desired_access => 0x00100100 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 open_options => 2113568 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:34.480089 | NtOpenFile |
file_handle => 0x00000440 filepath => C:\Documents and Settings\Administrator\Local Settings\History desired_access => 0x00100100 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\History open_options => 2113568 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:34.500089 | NtOpenFile |
file_handle => 0x00000440 filepath => C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 desired_access => 0x00100100 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\History\History.IE5 open_options => 2113568 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:34.510089 | NtOpenFile |
file_handle => 0x0000043c filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ desired_access => 0x00100100 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ open_options => 2113568 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:34.520089 | NtCreateFile |
create_disposition => 3 file_handle => 0x0000043c filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat desired_access => 0xc0100080 file_attributes => 8198 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat create_options => 2144 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:34.530089 | NtOpenFile |
file_handle => 0x00000448 filepath => C:\Documents and Settings\Administrator\Cookies\ desired_access => 0x00100100 filepath_r => \??\C:\Documents and Settings\Administrator\Cookies\ open_options => 2113568 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:34.560089 | NtCreateFile |
create_disposition => 3 file_handle => 0x00000448 filepath => C:\Documents and Settings\Administrator\Cookies\index.dat desired_access => 0xc0100080 file_attributes => 8198 filepath_r => \??\C:\Documents and Settings\Administrator\Cookies\index.dat create_options => 2144 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:34.570089 | NtOpenFile |
file_handle => 0x00000454 filepath => C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\ desired_access => 0x00100100 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\ open_options => 2113568 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:34.570089 | NtCreateFile |
create_disposition => 3 file_handle => 0x00000454 filepath => C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat desired_access => 0xc0100080 file_attributes => 8198 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat create_options => 2144 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:34.580089 | NtOpenFile |
file_handle => 0x0000045c filepath => C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ desired_access => 0x00100100 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ open_options => 2113568 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:34.580089 | NtOpenFile |
file_handle => 0x0000045c filepath => C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\ desired_access => 0x00100100 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\ open_options => 2113568 status_info => 1 share_access => 7 |
SUCCESS | |||
| 2016-11-06 21:47:34.600089 | LdrLoadDll |
basename => ws2_32 module_address => 0x71ab0000 flags => 0 module_name => ws2_32 |
SUCCESS | |||
| 2016-11-06 21:47:34.610089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:34.640089 | LdrLoadDll |
basename => urlmon module_address => 0x048f0000 flags => 0 module_name => urlmon.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.640089 | LdrLoadDll |
basename => WININET module_address => 0x3d930000 flags => 0 module_name => WININET.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.650089 | LdrLoadDll |
basename => wininet module_address => 0x3d930000 flags => 0 module_name => wininet.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.700089 | NtOpenFile |
file_handle => 0x000004d0 filepath => C:\WINDOWS\system32\tapi32.dll desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\TAPI32.dll open_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:34.710089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\TAPI32.dll.124.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\TAPI32.dll.124.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:34.720089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\system32\TAPI32.dll.124.Config desired_access => 0x001200a9 filepath_r => \??\C:\WINDOWS\system32\TAPI32.dll.124.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:47:34.740089 | LdrLoadDll |
basename => comctl32 module_address => 0x773d0000 flags => 0 module_name => comctl32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.740089 | LdrLoadDll |
basename => RASAPI32 module_address => 0x76ee0000 flags => 0 module_name => RASAPI32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:34.740089 | LdrLoadDll |
basename => RASAPI32 module_address => 0x76ee0000 flags => 0 module_name => RASAPI32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.750089 | LdrLoadDll |
basename => RTUTILS module_address => 0x76e80000 flags => 0 module_name => RTUTILS.DLL |
SUCCESS | |||
| 2016-11-06 21:47:34.750089 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.760089 | LdrLoadDll |
basename => USERENV module_address => 0x769c0000 flags => 0 module_name => USERENV.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.770089 | LdrLoadDll |
basename => RASMAN module_address => 0x76e90000 flags => 0 module_name => RASMAN.DLL |
SUCCESS | |||
| 2016-11-06 21:47:34.780089 | NtCreateFile |
create_disposition => 1 file_handle => 0x0000052c filepath => \\?\PIPE\ROUTER desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\ROUTER create_options => 4194368 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:34.790089 | NtWriteFile |
buffer => H ¸¸ ½¨¯}ɾô +) ]ëÉè +H` file_handle => 0x0000052c offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:34.800089 | LdrLoadDll |
basename => netapi32 module_address => 0x5b860000 flags => 0 module_name => netapi32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.800089 | NtWriteFile |
buffer => H ¸¸zà j(9±Ð¨ ÀOÙ.õ ]ëÉè +H` file_handle => 0x00000350 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:34.810089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:34.900089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000534 filepath => c:\AUTOEXEC.BAT desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\c:\autoexec.bat create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:34.900089 | NtOpenFile |
file_handle => 0x00000538 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:34.910089 | NtOpenFile |
file_handle => 0x00000538 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:34.920089 | LdrLoadDll |
basename => secur32 module_address => 0x77fe0000 flags => 0 module_name => secur32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.940089 | LdrLoadDll |
basename => msapsspc module_address => 0x71e50000 flags => 0 module_name => msapsspc.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.960089 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.960089 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.960089 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.970089 | LdrLoadDll |
basename => schannel module_address => 0x767f0000 flags => 0 module_name => schannel.dll |
SUCCESS | |||
| 2016-11-06 21:47:34.980089 | NtOpenFile |
file_handle => 0x00000538 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:34.990089 | NtOpenFile |
file_handle => 0x00000538 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:34.990089 | NtOpenFile |
file_handle => 0x00000538 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.000089 | NtOpenFile |
file_handle => 0x00000538 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.010089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:35.010089 | NtOpenFile |
file_handle => 0x00000508 filepath => C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.030089 | NtOpenFile |
file_handle => 0x00000508 filepath => C:\WINDOWS\system32\ras\ desired_access => 0x00100001 filepath_r => \??\C:\WINDOWS\system32\Ras\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.040089 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.050089 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.050089 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.060089 | LdrLoadDll |
basename => credssp module_address => 0x59c00000 flags => 0 module_name => credssp.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.060089 | LdrLoadDll |
basename => digest module_address => 0x75b00000 flags => 0 module_name => digest.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.080089 | LdrLoadDll |
basename => msnsspc module_address => 0x747b0000 flags => 0 module_name => msnsspc.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.090089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000538 filepath => C:\WINDOWS\system32\credssp.dll desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\WINDOWS\system32\credssp.dll create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:35.100089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000538 filepath => C:\WINDOWS\system32\credssp.dll desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\WINDOWS\system32\credssp.dll create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:35.110089 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.110089 | LdrLoadDll |
basename => kernel32 module_address => 0x7c800000 flags => 0 module_name => kernel32.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.110089 | LdrLoadDll |
basename => advapi32 module_address => 0x77dd0000 flags => 0 module_name => advapi32.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.120089 | LdrLoadDll |
basename => credssp module_address => 0x59c00000 flags => 0 module_name => C:\WINDOWS\system32\credssp.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.140089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000534 filepath => c:\AUTOEXEC.BAT desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\c:\autoexec.bat create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:35.140089 | NtOpenFile |
file_handle => 0x00000540 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.150089 | NtOpenFile |
file_handle => 0x00000540 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.150089 | NtOpenFile |
file_handle => 0x00000540 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.160089 | NtOpenFile |
file_handle => 0x00000540 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.160089 | NtOpenFile |
file_handle => 0x00000540 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.170089 | NtOpenFile |
file_handle => 0x00000540 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.191089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\ open_options => 16417 status_info => 4294967295 share_access => 3 |
FAILURE | |||
| 2016-11-06 21:47:35.201089 | LdrLoadDll |
basename => sensapi module_address => 0x722b0000 flags => 0 module_name => sensapi.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.211089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:35.211089 | LdrLoadDll |
basename => schannel module_address => 0x767f0000 flags => 0 module_name => C:\WINDOWS\system32\schannel.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.241089 | NtCreateFile |
create_disposition => 3 file_handle => 0x00000578 filepath => \Device\Tcp desired_access => 0x20000000 file_attributes => 128 filepath_r => \Device\Tcp create_options => 0 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.251089 | NtCreateFile |
create_disposition => 3 file_handle => 0x0000057c filepath => \Device\Tcp desired_access => 0x40000000 file_attributes => 128 filepath_r => \Device\Tcp create_options => 0 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.261089 | NtCreateFile |
create_disposition => 3 file_handle => 0x00000580 filepath => \Device\Ip desired_access => 0x20000000 file_attributes => 128 filepath_r => \Device\Ip create_options => 0 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.261089 | NtCreateFile |
create_disposition => 3 file_handle => 0x00000584 filepath => \Device\Ip desired_access => 0x00100003 file_attributes => 128 filepath_r => \Device\Ip create_options => 0 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.271089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000588 filepath => \??\Ip desired_access => 0x20100080 file_attributes => 128 filepath_r => \??\Ip create_options => 64 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.321089 | LdrLoadDll |
basename => msv1_0 module_address => 0x77c70000 flags => 0 module_name => C:\WINDOWS\system32\msv1_0.dll |
SUCCESS | |||
| 2016-11-06 21:47:35.321089 | NtCreateFile |
create_disposition => 1 file_handle => 0x000005c0 filepath => \\?\PIPE\ROUTER desired_access => 0xc0100080 file_attributes => 0 filepath_r => \??\PIPE\ROUTER create_options => 4194368 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:35.331089 | NtWriteFile |
buffer => 4 ¸¸¸Ô 6 a "úÏ# Éåß ]ëÉè +H`
È7$ NTLMSSP ·²â 0 ( (
PKSJ-ITSPKSJ file_handle => 0x000005c0 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:35.341089 | NtWriteFile |
buffer => d H ¸¸
È7$ NTLMSSP H H H H H H 5Ââ(
file_handle => 0x000005c0 offset => 0 |
SUCCESS | |||
| 2016-11-06 21:47:35.411089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:35.611089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:35.811089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:36.032089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:36.102089 | LdrLoadDll |
basename => mswsock module_address => 0x71a50000 flags => 0 module_name => C:\WINDOWS\system32\mswsock.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.102089 | LdrLoadDll |
basename => hnetcfg module_address => 0x662b0000 flags => 0 module_name => hnetcfg.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.112089 | LdrLoadDll |
basename => mswsock module_address => 0x71a50000 flags => 0 module_name => C:\WINDOWS\system32\mswsock.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.112089 | LdrLoadDll |
basename => wshtcpip module_address => 0x71a90000 flags => 0 module_name => C:\WINDOWS\System32\wshtcpip.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.122089 | NtCreateFile |
create_disposition => 3 file_handle => 0x000005cc filepath => \Device\Afd\Endpoint desired_access => 0xc0100000 file_attributes => 0 filepath_r => \Device\Afd\Endpoint create_options => 0 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.122089 | LdrLoadDll |
basename => WS2_32 module_address => 0x71ab0000 flags => 0 module_name => WS2_32.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.162089 | LdrLoadDll |
basename => mswsock module_address => 0x71a50000 flags => 0 module_name => C:\WINDOWS\System32\mswsock.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.182089 | LdrLoadDll |
basename => rasadhlp module_address => 0x76fc0000 flags => 0 module_name => rasadhlp.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.182089 | LdrLoadDll |
basename => urlmon module_address => 0x048f0000 flags => 0 module_name => urlmon.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.202089 | NtCreateFile |
create_disposition => 3 file_handle => 0x0000061c filepath => \Device\Afd\Endpoint desired_access => 0xc0100000 file_attributes => 0 filepath_r => \Device\Afd\Endpoint create_options => 0 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.202089 | LdrLoadDll |
basename => mswsock module_address => 0x71a50000 flags => 0 module_name => C:\WINDOWS\system32\mswsock.dll |
SUCCESS | |||
| 2016-11-06 21:47:36.212089 | NtCreateFile |
create_disposition => 3 file_handle => 0x0000062c filepath => \Device\Afd\AsyncConnectHlp desired_access => 0xc0100000 file_attributes => 0 filepath_r => \Device\Afd\AsyncConnectHlp create_options => 0 status_info => 0 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:36.232089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:36.432089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:36.633089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:36.833089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:37.033089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:37.233089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:37.374089 | LdrLoadDll |
basename => USER32 module_address => 0x7e410000 flags => 0 module_name => USER32.dll |
SUCCESS | |||
| 2016-11-06 21:47:37.394089 | CoCreateInstance |
class_context => 5 clsid => {72c24dd5-d70a-438b-8a42-98424b88afb8} iid => {00000000-0000-0000-c000-000000000046} |
SUCCESS | |||
| 2016-11-06 21:47:37.404089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000658 filepath => C:\WINDOWS\system32\wshom.ocx desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\wshom.ocx create_options => 2144 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:37.404089 | LdrLoadDll |
basename => shell32 module_address => 0x7c9c0000 flags => 0 module_name => shell32.dll |
SUCCESS | |||
| 2016-11-06 21:47:37.444089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:37.594089 | NtOpenFile |
file_handle => 0x0000066c filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.604089 | NtOpenFile |
file_handle => 0x0000066c filepath => C:\WINDOWS\ desired_access => 0x00100001 filepath_r => \??\C:\WINDOWS\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.614089 | NtOpenFile |
file_handle => 0x0000066c filepath => C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ desired_access => 0x00100001 filepath_r => \??\C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.624089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000674 filepath => C:\WINDOWS\system32\rsaenh.dll desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\WINDOWS\system32\rsaenh.dll create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:37.634089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000674 filepath => C:\WINDOWS\system32\rsaenh.dll desired_access => 0x80100080 file_attributes => 128 filepath_r => \??\C:\WINDOWS\system32\rsaenh.dll create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:37.644089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:37.664089 | LdrLoadDll |
basename => crypt32 module_address => 0x77a80000 flags => 0 module_name => crypt32.dll |
SUCCESS | |||
| 2016-11-06 21:47:37.674089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000678 filepath => C:\WINDOWS\system32\rsaenh.dll desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\rsaenh.dll create_options => 96 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.684089 | NtCreateFile |
create_disposition => 1 file_handle => 0x00000678 filepath => C:\WINDOWS\system32\rsaenh.dll desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\rsaenh.dll create_options => 96 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:37.764089 | LdrLoadDll |
basename => rsaenh module_address => 0x68000000 flags => 0 module_name => rsaenh.dll |
SUCCESS | |||
| 2016-11-06 21:47:37.764089 | LdrLoadDll |
basename => Kernel32 module_address => 0x7c800000 flags => 0 module_name => Kernel32.DLL |
SUCCESS | |||
| 2016-11-06 21:47:37.794089 | LdrLoadDll |
basename => Comctl32 module_address => 0x773d0000 flags => 0 module_name => Comctl32.dll |
SUCCESS | |||
| 2016-11-06 21:47:37.794089 | LdrLoadDll |
basename => user32 module_address => 0x7e410000 flags => 0 module_name => user32.dll |
SUCCESS | |||
| 2016-11-06 21:47:37.804089 | LdrLoadDll |
basename => MSImg32 module_address => 0x76380000 flags => 0 module_name => MSImg32.dll |
SUCCESS | |||
| 2016-11-06 21:47:37.804089 | LdrLoadDll |
basename => UXTHEME module_address => 0x5ad70000 flags => 0 module_name => UXTHEME.DLL |
SUCCESS | |||
| 2016-11-06 21:47:37.814089 | ShellExecuteExW |
parameters => filepath => C:\Documents and Settings\Administrator\Local Settings\Temp\nanagrams.exe filepath_r => C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nanagrams.exe show_type => 1 |
FAILURE | |||
| 2016-11-06 21:47:37.844089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:38.045089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:38.085089 | LdrLoadDll |
basename => Msctf module_address => 0x74720000 flags => 0 module_name => C:\WINDOWS\system32\Msctf.dll |
SUCCESS | |||
| 2016-11-06 21:47:38.245089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:38.275089 | NtCreateFile |
create_disposition => 1 file_handle => 0x000003a0 filepath => C:\WINDOWS\system32\netmsg.dll desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\WINDOWS\system32\netmsg.dll create_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:38.295089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\WINHELP.INI desired_access => 0x80100000 filepath_r => \??\C:\WINDOWS\WINHELP.INI open_options => 96 status_info => 4294967295 share_access => 7 |
FAILURE | |||
| 2016-11-06 21:47:38.305089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\WINDOWS\WINHELP.INI desired_access => 0x80100000 filepath_r => \??\C:\WINDOWS\WINHELP.INI open_options => 96 status_info => 4294967295 share_access => 7 |
FAILURE | |||
| 2016-11-06 21:47:38.435089 | LdrLoadDll |
basename => oleaut32 module_address => 0x77120000 flags => 0 module_name => oleaut32.dll |
SUCCESS | |||
| 2016-11-06 21:47:38.505089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:38.706089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:38.906089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:39.106089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:39.166089 | LdrLoadDll |
basename => wwlib module_address => 0x31240000 flags => 0 module_name => C:\Program Files\Microsoft Office\Office12\wwlib.dll |
SUCCESS | |||
| 2016-11-06 21:47:39.457089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:39.697089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:39.897089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:40.098089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:40.298089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:40.498089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:40.698089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:40.899089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:41.099089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:41.299089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:41.500089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:41.700089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:41.780089 | NtOpenFile |
file_handle => 0x0000039c filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:41.910089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:41.910089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Schemas\MS Word_restart.xml desired_access => 0x00010080 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Schemas\MS Word_restart.xml open_options => 2113600 status_info => 4294967295 share_access => 7 |
FAILURE | |||
| 2016-11-06 21:47:41.930089 | NtOpenFile |
file_handle => 0x000003a0 filepath => C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\STARTUP\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Application Data\Microsoft\Word\STARTUP\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:41.970089 | NtOpenFile |
file_handle => 0x000003a0 filepath => C:\Program Files\Microsoft Office\Office12\STARTUP\ desired_access => 0x00100001 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\STARTUP\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:42.100089 | NtOpenFile |
file_handle => 0x0000039c filepath => C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Office\ desired_access => 0x00100001 filepath_r => \??\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Office\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:42.110089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:42.311089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:42.321089 | CoCreateInstance |
class_context => 1 clsid => {7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4} iid => {79eac9ee-baf9-11ce-8c82-00aa004ba90b} |
SUCCESS | |||
| 2016-11-06 21:47:42.331089 | LdrLoadDll |
basename => SHELL32 module_address => 0x7c9c0000 flags => 0 module_name => SHELL32.dll |
SUCCESS | |||
| 2016-11-06 21:47:42.331089 | NtOpenFile |
file_handle => 0x000003e0 filepath => C:\ desired_access => 0x00100001 filepath_r => \??\C:\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:42.341089 | LdrLoadDll |
basename => wininet module_address => 0x3d930000 flags => 0 module_name => wininet.dll |
SUCCESS | |||
| 2016-11-06 21:47:42.361089 | NtOpenFile |
file_handle => 0x000003e0 filepath => C:\Documents and Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:42.361089 | NtOpenFile |
file_handle => 0x000003e0 filepath => C:\Documents and Settings\Administrator\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:42.371089 | NtOpenFile |
file_handle => 0x000003e0 filepath => C:\Documents and Settings\Administrator\Local Settings\ desired_access => 0x00100001 filepath_r => \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\ open_options => 16417 status_info => 1 share_access => 3 |
SUCCESS | |||
| 2016-11-06 21:47:42.511089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:42.551089 | NtCreateFile |
create_disposition => 1 file_handle => 0x000003e0 filepath => C:\Program Files\Microsoft Office\Office12\ID_00030.DPC desired_access => 0x80100080 file_attributes => 0 filepath_r => \??\C:\Program Files\Microsoft Office\Office12\id_00030.dpc create_options => 96 status_info => 1 share_access => 1 |
SUCCESS | |||
| 2016-11-06 21:47:42.711089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:42.912089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:43.052089 | NtOpenFile |
file_handle => 0x00000158 filepath => C:\WINDOWS\system32\MSIMTF.dll desired_access => 0x00100020 filepath_r => \??\C:\WINDOWS\system32\Msimtf.dll open_options => 96 status_info => 1 share_access => 5 |
SUCCESS | |||
| 2016-11-06 21:47:43.112089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:43.312089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:43.512089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:43.713089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:43.783089 | LdrLoadDll |
basename => riched20 module_address => 0x3a780000 flags => 0 module_name => C:\Program Files\Common Files\Microsoft Shared\office12\riched20.dll |
SUCCESS | |||
| 2016-11-06 21:47:43.913089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:44.113089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:44.314089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:44.514089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:44.714089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:44.915089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:45.115089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:45.315089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:45.515089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:45.716089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:45.916089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:46.116089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:46.317089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:46.517089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:46.837089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:47.068089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:47.268089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:47.468089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:47.668089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:47.869089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:48.069089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:48.269089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:48.470089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:48.670089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:48.870089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:49.070089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:49.271089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:49.471089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:49.671089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:49.872089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:50.072089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:50.272089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:50.472089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:50.673089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:50.873089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:51.073089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:51.274089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:51.474089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:51.674089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:51.875089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:52.075089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:52.275089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:52.475089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:52.676089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:52.876089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:53.076089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:53.277089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:53.477089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:53.677089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:53.877089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:54.078089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:54.278089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:54.478089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:54.679089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:54.879089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:55.079089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:55.279089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:55.480089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:55.680089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:55.880089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:56.081089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:56.281089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:56.481089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:56.681089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:56.882089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:57.232089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:47:57.433089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:48:22.028089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL.2.Manifest desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL.2.Manifest open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:48:22.038089 | NtOpenFile |
file_handle => 0x00000000 filepath => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL.2.Config desired_access => 0x001200a9 filepath_r => \??\C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL.2.Config open_options => 96 status_info => 4294967295 share_access => 1 |
FAILURE | |||
| 2016-11-06 21:48:22.058089 | LdrLoadDll |
basename => OGL module_address => 0x3bd10000 flags => 0 module_name => C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL |
SUCCESS | |||
| 2016-11-06 21:48:22.068089 | LdrLoadDll |
basename => WTSAPI32 module_address => 0x76f50000 flags => 0 module_name => WTSAPI32.DLL |
SUCCESS | |||
| 2016-11-06 21:48:24.972089 | NtDelayExecution |
skipped => 0 milliseconds => 60000 |
SUCCESS | |||
| 2016-11-06 21:49:08.365089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:08.565089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:08.765089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:08.965089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:09.166089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:09.366089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:09.566089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:09.767089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:09.967089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:10.167089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:10.367089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:10.568089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:10.768089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:10.968089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:11.169089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:11.369089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:11.569089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:11.779089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:11.980089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:12.180089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:12.380089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:12.581089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:12.781089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:12.981089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:13.181089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:13.382089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:13.582089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:13.782089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:13.983089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:14.183089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:14.383089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:14.583089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:14.784089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:14.984089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:15.184089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:15.385089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:15.585089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:15.785089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:15.985089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:16.186089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:16.386089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:16.586089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:16.787089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:16.987089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:17.187089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:17.387089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:17.588089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:17.788089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:17.988089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:18.189089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:18.389089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:18.589089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:18.789089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:18.990089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:19.190089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:19.420089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:19.621089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:19.821089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:20.021089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:20.222089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:20.432089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:20.632089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:20.832089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:21.033089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:21.233089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS | |||
| 2016-11-06 21:49:21.433089 | NtDelayExecution |
skipped => 0 milliseconds => 200 |
SUCCESS |